This is about using a Vault library (Spring Vault), so bear with me. I have a use case for Vault which I’m not sure is feasible:
We have Spring Boot projects which require several secrets. Currently, these are static secrets kept in properties files. We would like to move these secrets to Vault and consume them at runtime. So far, so good - the Spring Vault library allows us to set properties from Vault when the application starts.
However, what happens when the secret changes? In my perfect world, the client is aware of when the secret changes and updates the value. One way I can imagine having to do this is retrieving the version of the kv secret, and polling Vault to see whether a new version is available, then implementing some internal logic in the application to change the value.
This seems like it might put some strain on Vault and generate unnecessary traffic.
Does this sound like a good way to go?
Any advice from folks who have Vault integrated into their applications would be of great help.
Thanks
Bruce
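
The version-polling approach described in the question, as an added example that is not part of the original post and is not Spring Vault's own code. `SecretWatcher` and `VersionedSource` are hypothetical names, and the in-memory source in `main` is a constructed stand-in for a KV v2 secret, whose metadata carries a `current_version` field. Each poll costs one small metadata read, the full secret is fetched only when the version increases, and a failed poll keeps the last known value (Java 17):

```java
import java.util.Map;
import java.util.concurrent.*;
import java.util.concurrent.atomic.AtomicReference;

public class SecretWatcher {
    /** Hypothetical abstraction; back it with the Vault client the application already uses. */
    public interface VersionedSource {
        int currentVersion() throws Exception;        // cheap metadata read
        Map<String, String> read() throws Exception;  // full secret read
    }
    private record Snapshot(int version, Map<String, String> data) {}
    private final VersionedSource source;
    private final AtomicReference<Snapshot> current = new AtomicReference<>();

    public SecretWatcher(VersionedSource source) throws Exception {
        this.source = source; // initial load fails fast so the app never starts without the secret
        current.set(new Snapshot(source.currentVersion(), Map.copyOf(source.read())));
    }
    public String get(String key) { return current.get().data().get(key); }
    public int version() { return current.get().version(); }

    /** One poll cycle; returns true if a newer version was loaded. */
    public boolean pollOnce() {
        try {
            int latest = source.currentVersion();
            if (latest <= current.get().version()) return false; // unchanged: no secret read
            // If a rotation lands between the two calls, the next poll sees a higher version and reloads.
            current.set(new Snapshot(latest, Map.copyOf(source.read())));
            return true;
        } catch (Exception e) {
            return false; // Vault unreachable or access denied: keep serving the last known value
        }
    }
    public ScheduledExecutorService start(long periodSeconds) {
        ScheduledExecutorService ses = Executors.newSingleThreadScheduledExecutor();
        long jitter = ThreadLocalRandom.current().nextLong(periodSeconds + 1); // spread instances out
        ses.scheduleWithFixedDelay(this::pollOnce, jitter, periodSeconds, TimeUnit.SECONDS);
        return ses;
    }

    public static void main(String[] args) throws Exception {
        int[] v = {1}; // constructed in-memory stand-in for Vault so the example runs offline
        VersionedSource fake = new VersionedSource() {
            public int currentVersion() { return v[0]; }
            public Map<String, String> read() { return Map.of("db.password", "constructed-v" + v[0]); }
        };
        SecretWatcher w = new SecretWatcher(fake);
        System.out.println(w.pollOnce() + " v" + w.version() + " " + w.get("db.password"));
        v[0] = 2; // simulate a rotation
        System.out.println(w.pollOnce() + " v" + w.version() + " " + w.get("db.password"));
    }
}
```

Callers should fetch the value through `get` each time they need it instead of copying it into a field, otherwise a rotated secret never reaches the code that uses it.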